Hi all, Symptons: Homepage is automatically always set to: hxxp:// %68%6F%6D%65%70%61%67%65%2E%63%6F%6D%00@%77%77%77%2e%65%2d%66% 69%6e%64%65%72%2e%63%63/%68%70/ if i change it to anything else, it resets itself back. i can now access other sites, but it is just the homepage not working, i do not want to leave it like this because i know the computer is still infected. This trojan is this file: msmsgsui.exe NOD will pick it up, remove it, but refresh, it comes back. Running XP Pro /SP2 I have also ran updated: - Ad-Aware SE - this will clean many items, remove ok, clean again and they are back aswell. - Service Pack 2 - all updates after SP2. - SpyBot S & D - this picked up many items aswell, but these ones havnt returned. - CWShredder - This removes 16 infected IE registries. These return aswell. - Hijackthis - i have follow instructions from here http://forums.thatcomputerguy.us/index.php?showtopic=1959 I can only clean the dpe.dll file, but this keeps returning aswell. The shdoclc.dll file is also involved in this mess. As so is the Trojandownloader.Agent.BC trojan as this pops up aswell every so often in the system volume information, SYSTEM RESTORE IS NOW TURNED OFF. Here is the hijackthis log: Logfile of HijackThis v1.97.7 Scan saved at 1:16:42 PM, on 10/11/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) ~~snip ~~ Hijack This log removed - Blackspear. How can i get NOD to remove this virus once and for all? If anyone has any idea's on what to do next, a big thankyou.